[Smcwg-public] Considering CAA for the S/MIME Baseline Requirements
Stephen Davidson
Stephen.Davidson at digicert.com
Mon Oct 30 18:27:42 UTC 2023
Hello:
The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum proposes to add a requirement for CAs issuing publicly-trusted S/MIME certificates to implement Certificate Authority Authorization (CAA) checking. Public-trust CAs have used CAA for some time when issuing TLS certificates, and the new RFC 9495<https://www.rfc-editor.org/rfc/rfc9495.html> extends CAA with a new property tag for "issuemail".
The benefit is that domain holders will be able to specify CAs they authorize to issue certificates on their behalf separately for TLE and for S/MIME.
The current plan is to allow up to 12 months for CAs to implement CAA following publication of the amending ballot to the S/MIME Baseline Requirements<https://github.com/cabforum/smime/blob/main/SBR.md>.
The SMCWG is now starting work on that amending ballot. We encourage both Certificate Issuers as well as PKI application software providers involved in issuing S/MIME certificates to become familiar with RFC 9495, and welcome feedback on the pending requirement and implementation timeframe.
With kind regards,
Stephen Davidson
Chair, S/MIME Certificate Working Group
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20231030/af02ebdc/attachment.html>
More information about the Smcwg-public
mailing list